Ordinateur infecté

[tunesl1tr]

bonjour jai 2 problème sur ma machine premierement, je perd mais icon et ma barre de tache sur mon bureau seul solution jai trouver pour la ravoir c en rebootent mon ordi.

 

Deuxiemement jais plusieur trojan dont l'un est virtumonde et plusieur autre je poste mon log danalyse de hijackthis:

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:00:05, on 2008-07-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Spyware Doctor\pctsGui.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\Rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\installer\WLSetupSvc.exe

C:\WINDOWS\explorer.exe

E:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [{ed4714d3-1995-52e9-4117-b8f4550c041c}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\pygdnuivmrmodtoq.dll" DllStart

O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [bMf3044ad2] Rundll32.exe "C:\WINDOWS\system32\nwuuwull.dll",s

O4 - HKLM\..\Run: [f037794e] rundll32.exe "C:\WINDOWS\system32\bvgmglbi.dll",b

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [Mwto] "C:\WINDOWS\SKS~1\chkntfs.exe" -vt yazb

O4 - HKCU\..\Run: [Mxistsrh] C:\WINDOWS\?dobe\w?nword.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntmtdm.exe

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rswnw64l.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215439294515

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

merci d'avance

[bruce lee]

Bonjour tunesl1tr,

 

Télécharger Malwarebytes' Anti-Malware depuis http://www.besttechie.net/tools/mbam-setup.exe

Enregistrer ce fichier sur le Bureau.

Faire un double clic sur mbam-setup.exe pour lancer l'installation (Accepter le contrat de licence, puis valider les options par défaut).

Sur le dernier écran de la procédure d'installation, cocher la case située devant "Mettre à jour Malwarebytes' Anti-Malware", puis cliquer sur le bouton "Terminer".

 

Désactiver le module résident de ton antivirus.

Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.

Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".

Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen complet" puis cliquer sur le bouton Rechercher.

Attendre sans rien faire d'autre la fin de la recherche, puis cliquer sur le bouton "Afficher les résultats".

Vérifier que toutes les lignes sont cochées.

Cliquer sur le bouton "Supprimer la sélection"

Attendre patiemment sans rien faire d'autre la fin du nettoyage.

Un redémarrage est parfois nécessaire. Accepter.

Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.

Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.

 

Poste le log de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-*-**-**** (**-**-**).txt situé dans le dossier d'installation de Malwarebytes' Anti-Malware / *-**-**** (**-**-**) représente la date [mois-jour-année] et l'heure [hh-mn-ss])

 

1. Télécharge combofix.exe (par sUBs) ici :

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

 

sur ton Bureau.

 

2. Double clique sur combofix.exe pour lancer le scan.

3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

[tunesl1tr]

voici mon log malwarebyte' anti-malware:

 

Malwarebytes' Anti-Malware 1.20

Version de la base de données: 935

Windows 5.1.2600 Service Pack 2

 

21:43:40 2008-07-09

mbam-log-7-9-2008 (21-43-40).txt

 

Type de recherche: Examen complet (C:\|E:\|)

Eléments examinés: 215567

Temps écoulé: 40 minute(s), 2 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 3

Clé(s) du Registre infectée(s): 27

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 3

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 46

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\mwfolwmu.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\urqRHwUK.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\mlJYrsqP.dll (Trojan.Vundo) -> Unloaded module successfully.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9e4036e-a6a8-494c-a2ee-327e6bef8e69} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{a9e4036e-a6a8-494c-a2ee-327e6bef8e69} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{85891cf5-118e-44af-8682-a7b08d33a9e7} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85891cf5-118e-44af-8682-a7b08d33a9e7} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljyrsqp (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\il download manager (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\toxic biohazard (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cf2818bd-fad5-0094-2dd1-b8c90593cf3a} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fl studio 8 (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f037794e (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{85891cf5-118e-44af-8682-a7b08d33a9e7} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf3044ad2 (Trojan.Agent) -> Delete on reboot.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqrhwuk -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqrhwuk -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\urqRHwUK.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\KUwHRqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\KUwHRqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bkayjghc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\chgjyakb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bvgmglbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iblgmgvb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mwfolwmu.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\umwlofwm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlJYrsqP.dll (Trojan.Vundo) -> Delete on reboot.

C:\Program Files\Image-Line\Downloader\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Program Files\Image-Line\Toxic Biohazard\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024222.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024224.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024227.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024229.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024233.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024234.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024240.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024241.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024242.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024245.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024247.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024248.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024250.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024253.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024255.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024257.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024391.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024413.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP45\A0024417.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{96F01DAA-D378-4248-9573-9FA18879C7F3}\RP53\A0040424.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\g74.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\klbpjzjyhjvin.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pwcndjiabgtdjjmqt.dll-uninst.exe (Rogue.Installer) -> Quarantined and deleted successfully.

E:\Program Files\Image-Line\FL Studio 8\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ktpcdods.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qoMdeDVm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cbXOHWNG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGwTkLc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGyxwXn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

[tunesl1tr]

je n'est pas eu de log quand combo fix a terminer

[bruce lee]

Bonjour tunesl1tr,

 

1/ Ouvre le Bloc-notes ( Menu Démarrer\Tous les programmes\Accessoires\Bloc-notes)

 

2/ Copie ce qui est en citation ci-dessous (sans le mot citation) par sélection puis Ctrl-C :

 

Filelook::

C:\WINDOWS\system32\ezsidmv.dat

 

Folder::

C:\WINDOWS\c3RldmUgZHVwb250

C:\WINDOWS\system32\secX

C:\WINDOWS\system32\olixds01

C:\WINDOWS\system32\ine

C:\WINDOWS\system32\dev2

C:\Temp\stmpv4

 

File::

C:\714.bat

C:\WINDOWS\system32\pwcndjiabgtdjjmqt.dll

C:\WINDOWS\system32\iifcCrOf.dll

C:\WINDOWS\system32\sotr.dll

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03017810-cd66-849f-a47c-d11269d5080b}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7403BC49-1B92-4F00-8683-46D8895A3DAD}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE38E56B-2F85-7550-FD3A-0DA2E0E94BB6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"{ed4714d3-1995-52e9-4117-b8f4550c041c}"=-

 

-Enregistre ce fichier dans: Bureau

-Nom du fichier : CFScript

-Type du fichier : tous les fichiers

-clique sur Enregistrer

-quitte le Bloc Notes

 

 

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

 

• Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
  
• Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
  Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
  

[tunesl1tr]

ComboFix 08-07-09.2 - Steve 2008-07-10 13:30:46.2 - NTFSx86

Endroit: C:\Documents and Settings\Steve\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\WINDOWS\dobe~1

C:\WINDOWS\pskt.ini

C:\WINDOWS\sks~1

C:\WINDOWS\sks~1\??sks\

C:\WINDOWS\system32\bdqsqy.dll

C:\WINDOWS\system32\fOrCcfii.ini

C:\WINDOWS\system32\fOrCcfii.ini2

C:\WINDOWS\system32\grcgjq.dll

C:\WINDOWS\system32\hjrkjccr.ini

C:\WINDOWS\system32\hwbasbhx.dll

C:\WINDOWS\system32\KUwHRqru.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mlJYrsqP.dll

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\nwuuwull.dll

C:\WINDOWS\system32\pygdnuivmrmodtoq.dll

C:\WINDOWS\system32\qtqvjeaw.dll

C:\WINDOWS\system32\talodxet.dll

C:\WINDOWS\system32\urqRHwUK.dll

C:\WINDOWS\system32\vcdvli.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))

.

 

2008-07-09 18:34 . 2008-07-09 18:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-07-09 18:34 . 2008-07-09 18:34 <REP> d-------- C:\Documents and Settings\Steve\Application Data\Malwarebytes

2008-07-09 18:34 . 2008-07-09 18:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-07-09 18:34 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-07-09 18:34 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-08 22:41 . 2008-07-08 22:41 <REP> d-------- C:\Program Files\Avira

2008-07-08 22:41 . 2008-07-08 22:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-07-08 21:38 . 2008-07-08 23:09 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-07-08 21:37 . 2008-07-08 21:40 <REP> d-------- C:\Program Files\Spyware Doctor

2008-07-08 21:37 . 2008-07-08 21:37 <REP> d-------- C:\Documents and Settings\Steve\Application Data\PC Tools

2008-07-08 21:37 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-07-08 21:37 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-07-08 21:37 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-07-08 21:37 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-07-07 22:50 . 2006-06-20 04:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll

2008-07-07 22:19 . 2008-07-09 08:34 110,478 --a------ C:\WINDOWS\BMf3044ad2.xml

2008-07-07 19:40 . 2008-07-07 19:40 58 --a------ C:\SCRIPT.CLN

2008-07-07 19:40 . 2008-07-07 19:40 17 --a------ C:\MAINMSG.DAT

2008-07-07 19:40 . 2008-07-07 19:40 12 --a------ C:\DISKFREE.DAT

2008-07-07 19:40 . 2008-07-07 19:40 8 --a------ C:\WINDOWS\$tmp$.tm$

2008-07-07 19:40 . 2008-07-07 19:40 1 --a------ C:\PROGRES.DAT

2008-07-07 19:06 . 2008-07-07 21:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-07-07 19:06 . 2008-07-07 21:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-07 12:38 . 2008-07-08 13:58 <REP> d--h----- C:\$AVG8.VAULT$

2008-07-07 12:19 . 2008-07-07 18:14 <REP> d-------- C:\WINDOWS\system32\drivers\Avg

2008-07-07 12:19 . 2008-07-07 12:31 <REP> d-------- C:\Documents and Settings\Steve\Application Data\AVGTOOLBAR

2008-07-07 12:19 . 2008-07-07 13:13 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-07 12:19 . 2008-07-07 13:14 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-07 12:19 . 2008-07-07 13:13 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-07-07 10:40 . 2008-07-07 21:22 <REP> d-------- C:\WINDOWS\system32\olixds01

2008-07-07 10:22 . 2008-07-07 10:22 <REP> dr------- C:\Documents and Settings\LocalService\Favoris

2008-07-07 10:10 . 2008-07-07 18:00 <REP> d-------- C:\WINDOWS\system32\secX

2008-07-07 10:10 . 2008-07-07 17:59 <REP> d-------- C:\WINDOWS\system32\olixds05

2008-07-07 10:10 . 2008-07-07 17:58 <REP> d-------- C:\WINDOWS\system32\ine

2008-07-07 10:10 . 2008-07-07 17:55 <REP> d-------- C:\WINDOWS\system32\dev2

2008-07-07 10:10 . 2008-07-07 12:39 <REP> d--hs---- C:\WINDOWS\c3RldmUgZHVwb250

2008-07-07 10:10 . 2008-07-07 10:10 <REP> d-------- C:\Temp\stmpv4

2008-07-07 10:10 . 2008-07-09 22:34 <REP> d-------- C:\Temp

2008-07-07 10:10 . 2008-07-07 10:10 359 --a------ C:\714.bat

2008-07-07 10:06 . 2005-02-24 23:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-07-07 10:01 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-07-07 09:55 . 2008-07-09 22:54 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-07-07 09:55 . 2008-07-07 09:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-07-07 09:45 . 2002-07-11 08:47 98,304 --------- C:\WINDOWS\system32\msikbd.dll

2008-07-07 09:45 . 2000-06-08 03:09 28,672 --------- C:\WINDOWS\system32\msiosd32.dll

2008-07-07 09:45 . 2001-12-20 10:02 6,656 --------- C:\WINDOWS\system32\drivers\Msikbd2k.sys

2008-07-07 09:45 . 2008-07-08 07:52 295 --a------ C:\WINDOWS\WININIT.INI

2008-07-07 09:45 . 2008-07-10 13:34 245 --a------ C:\WINDOWS\Msiosd.ini

2008-07-07 01:04 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-07-07 01:04 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-07-07 01:04 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-07-07 01:04 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2008-07-07 01:04 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-07-07 01:04 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-07-07 01:04 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-07-07 01:04 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-07-07 01:04 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-07-07 01:04 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-07-07 00:29 . 2008-07-07 10:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS

2008-07-06 21:50 . 2008-07-07 09:45 <REP> d-------- C:\Program Files\Netropa

2008-07-05 23:34 . 2008-07-07 00:54 <REP> d-------- C:\Program Files\ASIO4ALL v2

2008-07-05 23:33 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-07-05 23:32 . 2008-07-05 23:32 <REP> d-------- C:\Program Files\Outsim

2008-07-05 23:29 . 2008-07-05 23:35 <REP> d-------- C:\Program Files\Image-Line

2008-07-03 10:45 . 2008-07-03 10:45 364,544 --a------ C:\WINDOWS\system32\pwcndjiabgtdjjmqt.dll

2008-06-28 22:20 . 2008-07-07 09:54 <REP> d-------- C:\Documents and Settings\Steve\Application Data\teamspeak2

2008-06-28 22:20 . 2008-06-28 22:20 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

2008-06-28 22:19 . 2008-07-07 09:54 <REP> d-------- C:\Program Files\Teamspeak2_RC2

2008-06-25 22:57 . 2008-07-07 00:58 <REP> d-------- C:\Program Files\Knight Online

2008-06-17 09:00 . 2008-07-07 01:00 <REP> d-------- C:\AeriaGames(2)

2008-06-16 18:48 . 2008-06-16 18:48 <REP> d-------- C:\WINDOWS\system32\LogFiles

2008-06-16 17:10 . 2008-07-07 00:03 <REP> d-------- C:\Documents and Settings\Steve\Application Data\skypePM

2008-06-16 17:10 . 2008-06-16 17:10 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-06-16 17:07 . 2008-07-07 01:00 <REP> d-------- C:\Program Files\Skype

2008-06-16 17:07 . 2008-07-07 01:00 <REP> d-------- C:\Documents and Settings\Steve\Application Data\Skype

2008-06-16 17:06 . 2008-07-07 01:00 <REP> d-------- C:\Program Files\Windows Live Toolbar

2008-06-16 17:06 . 2008-07-07 01:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype

2008-06-14 12:54 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-13 15:50 . 2008-07-07 19:44 <REP> d-------- C:\Documents and Settings\Steve\Application Data\LimeWire

2008-06-13 15:49 . 2008-07-08 21:37 <REP> d-------- C:\Program Files\Google

2008-06-13 15:48 . 2008-06-13 15:49 <REP> d-------- C:\Program Files\Java

2008-06-13 15:48 . 2008-06-13 15:48 <REP> d-------- C:\Program Files\Fichiers communs\Java

2008-06-13 15:46 . 2008-07-07 01:01 <REP> d-------- C:\Program Files\LimeWire

2008-06-13 15:26 . 2008-07-09 22:54 <REP> d-------- C:\Documents and Settings\Steve\Contacts

2008-06-13 15:07 . 2008-06-16 17:03 <REP> d-------- C:\Program Files\Windows Live

2008-06-13 15:07 . 2008-07-09 22:53 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-06-13 15:07 . 2008-07-09 22:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-06-13 15:00 . 2008-06-26 20:00 <REP> d-------- C:\WINDOWS\$hf_mig$

2008-06-13 14:27 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll.wusetup.10866593(2).new

2008-06-13 14:27 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-06-13 14:27 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-06-13 14:27 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-06-13 14:27 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-06-13 14:23 . 2008-07-07 09:56 <REP> d-------- C:\Program Files\iTunes

2008-06-13 14:23 . 2008-06-13 14:23 <REP> d-------- C:\Program Files\iPod

2008-06-13 14:23 . 2008-07-07 09:56 <REP> d-------- C:\Program Files\Bonjour

2008-06-13 14:23 . 2008-06-16 20:48 <REP> d-------- C:\Documents and Settings\Steve\Application Data\Apple Computer

2008-06-13 14:22 . 2008-07-07 09:56 <REP> d-------- C:\Program Files\QuickTime

2008-06-13 14:22 . 2008-07-07 09:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-06-13 14:21 . 2008-06-13 14:21 <REP> d-------- C:\Program Files\Fichiers communs\Apple

2008-06-13 14:21 . 2008-07-07 09:55 <REP> d-------- C:\Program Files\Apple Software Update

2008-06-13 11:28 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv(2).dll

2008-06-13 10:19 . 2008-07-06 08:03 <REP> d-------- C:\WINDOWS\system32\drivers\Avg(2)

2008-06-13 10:19 . 2008-07-05 08:42 10,520 --a------ C:\WINDOWS\system32\avgrsstx(2).dll

2008-06-13 10:18 . 2008-06-13 10:18 <REP> d-------- C:\Program Files\AVG

2008-06-13 10:18 . 2008-07-07 12:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-06-13 09:57 . 2008-07-10 09:38 <REP> d---s---- C:\Documents and Settings\Steve\UserData

2008-06-12 16:53 . 2008-06-12 17:35 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield

2008-06-12 13:09 . 2004-08-03 20:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-06-12 13:09 . 2001-08-17 17:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-06-12 13:08 . 2008-05-02 22:46 6,554,496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-06-12 13:08 . 2008-05-02 22:46 6,108,160 --a------ C:\WINDOWS\system32\nv4_disp.dll

2008-06-12 13:08 . 2004-08-03 20:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll

2008-06-12 13:08 . 2004-08-03 20:43 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys

2008-06-12 13:05 . 2008-06-12 13:05 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau

2008-06-12 13:05 . 2008-06-12 13:05 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression

2008-06-12 13:05 . 2008-06-12 17:32 <REP> d--h----- C:\Documents and Settings\Default User\Modèles

2008-06-12 13:05 . 2008-06-12 13:05 <REP> d-------- C:\Documents and Settings\Default User\Mes documents

2008-06-12 13:05 . 2008-06-12 13:05 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer

2008-06-12 13:05 . 2008-06-12 13:05 <REP> d-------- C:\Documents and Settings\Default User\Favoris

2008-06-12 13:05 . 2008-06-12 13:05 <REP> d-------- C:\Documents and Settings\Default User\Bureau

2008-06-12 13:05 . 2008-06-12 13:05 <REP> d--h----- C:\Documents and Settings\All Users\Modèles

2008-06-12 13:05 . 2008-06-12 17:41 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer

2008-06-12 13:05 . 2008-06-12 13:05 <REP> d-------- C:\Documents and Settings\All Users\Favoris

2008-06-12 13:05 . 2008-06-12 17:33 <REP> dr------- C:\Documents and Settings\All Users\Documents

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-07 05:00 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-12 21:57 --------- d-----w C:\Program Files\CyberLink

2008-06-12 21:53 --------- d-----w C:\Program Files\Intel

2008-06-12 21:47 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-06-12 21:46 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2008-06-12 21:45 --------- d-----w C:\Documents and Settings\Steve\Application Data\Ahead

2008-06-12 21:44 --------- d-----w C:\Program Files\Nero

2008-06-12 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2008-06-12 21:38 --------- d-----w C:\Program Files\microsoft frontpage

2008-06-12 21:35 --------- d-----w C:\Program Files\Services en ligne

2008-06-12 21:03 --------- d-----w C:\Program Files\Analog Devices

2008-04-30 21:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet(2).dll

2008-04-21 07:02 617,984 ----a-w C:\WINDOWS\system32\urlmon(2).dll

2008-04-21 07:02 474,624 ----a-w C:\WINDOWS\system32\shlwapi(2).dll

2008-04-21 07:02 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw(2).dll

2005-07-29 20:24 472 --sha-r C:\WINDOWS\c3RldmUgZHVwb250\wal5xAo0tJpTvZcX.vbs

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-09_22.40.59.60 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-10 02:38:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-10 13:37:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-10 02:53:58 29,926 ----a-r C:\WINDOWS\Installer\{BADF6744-3787-48F6-B8C9-4C4995401D65}\MsblIco.Exe

+ 2007-10-18 15:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03017810-cd66-849f-a47c-d11269d5080b}]

2008-07-03 10:45 364544 --a------ C:\WINDOWS\system32\pwcndjiabgtdjjmqt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7403BC49-1B92-4F00-8683-46D8895A3DAD}]

C:\WINDOWS\system32\iifcCrOf.dll [bU]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE38E56B-2F85-7550-FD3A-0DA2E0E94BB6}]

C:\WINDOWS\system32\sotr.dll [bU]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-08 21:37 171448]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"{ed4714d3-1995-52e9-4117-b8f4550c041c}"="C:\WINDOWS\system32\pygdnuivmrmodtoq.dll" [bU]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"E:\Program Files\Combat Arms\CombatArms.exe"= E:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"E:\Program Files\Combat Arms\Engine.exe"= E:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe

"E:\\Program Files\\Combat Arms\\NMService.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-07 13:13]

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 10:02]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-07 13:13]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 13:13]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-07 13:14]

R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 07:41]

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-07-08 23:19:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-07-10 16:57:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-10 13:34:52

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-07-10 13:36:50

ComboFix-quarantined-files.txt 2008-07-10 17:36:29

 

Pre-Run: 9,526,022,144 octets libres

Post-Run: 9,551,630,336 octets libres

 

252

[bruce lee]

Bonjour tunesl1tr,

 

Désolé pour le délais mais je viens tout juste d'avoir le mail me disant que tu as posté une réponse...

 

1/ Ouvre le Bloc-notes ( Menu Démarrer\Tous les programmes\Accessoires\Bloc-notes)

 

2/ Copie ce qui est en citation ci-dessous (sans le mot citation) par sélection puis Ctrl-C :

 

File::

C:\714.bat

C:\WINDOWS\system32\pwcndjiabgtdjjmqt.dll

C:\WINDOWS\system32\iifcCrOf.dll

C:\WINDOWS\system32\sotr.dll

 

Folder::

C:\WINDOWS\c3RldmUgZHVwb250

C:\Temp\stmpv4

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03017810-cd66-849f-a47c-d11269d5080b}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7403BC49-1B92-4F00-8683-46D8895A3DAD}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE38E56B-2F85-7550-FD3A-0DA2E0E94BB6}]

 

-Enregistre ce fichier dans: Bureau

-Nom du fichier : CFScript

-Type du fichier : tous les fichiers

-clique sur Enregistrer

-quitte le Bloc Notes

 

 

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

 

• Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
  
• Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
  Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
  

[tunesl1tr]

probleme règler mon mainboard a sauter et jai changer de pc merci pareille pour le coup de main

[bruce lee]

Met le problème en résolu dans ce cas.

 

@+